Iran Hackers Target U.S. Campaign Official with Phishing Email

Microsoft has released a new report (PDF link) sharing cybersecurity intelligence that has tracked Iran’s intent to influence and interfere with the 2024 United States Presidential Election. Recent weeks have detected an increase in Iranian influence campaigns on trending election-related topics to purposefully stir controversy and sway voters, especially in swing states. Second, Microsoft has detected Iranian efforts to gain intelligence on political campaigns and help them influence future U.S. elections.

Iranian influence operations tied to Islamic Revolutionary Guard Corps (IRGC)

According to Microsoft, many contributing Iranian hackers and cyber actors have affiliations tied to the Islamic Revolutionary Guard Corps (IRGC), part of the Iranian Armed Forces. Microsoft tracks these actors separately depending on the tactics, techniques, and procedures (TTPs) demonstrated.

Responsible actor groups affiliated with the IRGC include Cotton Sandstorm, Lemon Sandstorm, and Peach Sandstorm (aka APT33).

The Microsoft Threat Analysis Center (MTAC) released the report, which has been monitoring Russia, Iran, and China’s attempts to conduct influence operations on U.S. elections. An earlier report on the three countries’ activities was released in April 2024.

MTAC also released a report on Russian disinformation campaigns on the 2024 Paris Olympics Games. Automated disinformation bots were prevalent across major social media platforms, designed to denigrate the IOC’s reputation and “create an expectation of violence” in Paris.

Microsoft found that Iranian hackers and cyber operations have also remained active in targeting the Israel-Hamas ongoing conflict. Iranian influence campaigns try to divide public sentiment and sway support against Israel and U.S. involvement.

Iran weaponizing social media platforms and creating fake news outlets for disinformation

The report notes that Iranian hackers and cyber influencers are weaponizing social media platforms to sow discord and disinformation amongst the U.S. voting population. Iranian-linked actors achieve this by amplifying existing divisive issues within the U.S., such as racial tensions, economic disparities, and gender-related issues that political parties and groups align to.

Iranian cyber actors are imitating extremist-aligned American actors and groups and seeding online personas into active public platforms.

Iranian-created news outlets are also used to spread disinformation, according to the report. An Iranian network Microsoft tracks as Storm-2035 created faux news outlets such as “Nio-Think” to engage U.S. voters on polarizing topics.

Divisive issues such as Presidential candidates, LGBTQ+ rights, and the Israel-Hamas war conflict were covered on the Iranian-linked news outlets that originated as early as 2022.

Nio Think targets liberal and progressive voters, with multiple articles insulting former President Donald Trump as an “opioid elephant in a MAGA China shop.”

Some outlets, such as EvenPolitics, are still operating, posting “10 articles a week,” according to Microsoft and Mandiant. However, social media platforms have taken EvenPolitics’s accounts down.

Iranian disinformation campaigns highlight concerns with AI and Election cybersecurity

Disinformation remains a popular cyber operation across many nation-states attempting to sway public support, sentiment, or behavior on divisive topics. Combined with readily available AI and Generative AI tools, convincing influence campaigns can be disruptive.

Deepfakes are also incredibly damaging when convincing, such as an ElevenLabs-generated voice of U.S. President Joe Biden telling voters not to vote in regional elections in early 2024. Deepfakes are also targeting celebrities such as Taylor Swift, creating faux nude or explicit photos.

Leading tech companies such as Microsoft, Meta, Google, and OpenAI have pledged support for mitigating the risks of artificial intelligence disrupting the 2024 elections.


Discover more from Cybersecurity Careers Blog

Subscribe to get the latest posts sent to your email.

Join the Discussion